The way you hold your phone could be giving away your passwords to hackers

Here's some news which might make you reconsider the way you handle your smartphone. According to new research, the way you tilt your mobile could give away vital information, like your PIN and passwords, to hackers.

Cyber experts at Newcastle University have highlighted how easy it is for malicious websites and apps to "spy" on users using the motion sensors found in smartphones and tablets. Analysing the movement of a device as the keyboard was being used, the team of researchers were able to crack four-digit PINs with 70 per cent accuracy on the first guess and alarmingly, 100 per cent by the fifth guess.

Advertisement - Continue Reading Below

Despite this threat, the research found that people are unaware of the risks and many of us don't have an understanding of what the majority of the twenty five different sensors available on current smart phones actually do. And while the researchers said they had alerted all the major browser providers such as Google and Apple of the risks, a solution has not yet been found.

KUWTK/E!

The team identified 25 different sensors which come as standard on most smart devices and were used to give different information about the device and its user. They found that each touch action, such as clicking, scrolling, holding and tapping, "induced a unique orientation and motion trace." This meant that on a known webpage, the team could find out which part of the page the user was clicking on and what they were typing.

Advertisement - Continue Reading Below

"Depending on how we type – whether you hold your phone in one hand and use your thumb, or perhaps hold with one hand and type with the other, whether you touch or swipe - the device will tilt in a certain way and it's quite easy to start to recognise tilt patterns associated with 'Touch Signatures' that we use regularly," Dr Siamak Shahandashti, a Senior Research Associate in the School of Computing Science and co-author on the study, explained.

However, perhaps the most worrying finding was how how many apps and websites are able to "listen in" on our data.

"Most smart phones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer," added Dr Maryam Mehrnezhad, a Research Fellow in the School of Computing Science and lead author of the study.

Advertisement - Continue Reading Below

"But because mobile apps and websites don't need to ask permission to access most of them, malicious programs can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords."

But surely we can protect ourselves? According to Dr Mehrnezhad, it's not straight-forward. "There is no uniform way of managing sensors across the industry they pose a real threat to our personal security," she said. And even if we did deny access to a browser altogether, "we don't want to lose all the benefits associated with in-built motion sensors."

The researchers do recommend following a few "simple rules" though. These include making sure you change your PINS and passwords regularly, to avoid malicious websites from recognising a pattern, and closing background apps when you're not using them. They also suggest only installing applications from approved app stores and revising the permissions that apps have on your phone.